Pengroot

**Name of the Vulnerable Software and Affected Versions** DouPHP versions up to 1.9 **Description** A flaw exists in DouPHP that involves improper handling of files within the ZIP File Handler component. Specifically, the issue relates to the processing of the `/admin/file.php` file. Manipulation of the `sql filename` argument can lead to unrestricted file uploads, allowing remote attackers to potentially compromise the system. The exploit for this issue has been publicly disclosed. **Recommendations** Versions prior to 2.0 are vulnerable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.